Searching a GPO for a specific setting with Powershell

Searching a GPO for a specific setting with Powershell is a pretty simple task to perform and it’s really handy when you need to go through a ton of policies or domains in the forest. The script I’ll propose below is very basic and will only require you to input the Domain and the string you want to be searching.

Prerequisites

You must be able to have enough permission to access all GPOs in the environment. Searching in a domain where you can only see a part of GPOs is sort of useless as the setting you’re after might not be visible with your rights. Perhaps this is good enough for you.

This is not a prerequisite, but I strongly suggest you to run this from a machine as close as possible to a Domain Controller. In a large environment it’ll take a long time to run, if ran on a slow link.

Searching a GPO for a specific setting with Powershell – The script.

In the example below, I’m searching for “Windows Defender Firewall” for the domain idroplets.com.

Write-Host"A Group Policy matching ""$($String)"" has been found:"-ForegroundcolorGreen

Write-Host"- GPO Name: $($GPO.DisplayName)"-ForegroundcolorGreen

Write-Host"- GPO Id: $($GPO.Id)"-ForegroundcolorGreen

Write-Host"- GPO Status: $($GPO.GpoStatus)"-ForegroundcolorGreen

}

}

Here’s an example of what happens when the script finds what you’re looking for:

If you want to use this on your one, modify the first two lines by adding the domain and the string you want to look for.

Script Review

After the first two variables to be input by the user, the script will try to get the nearest Domain Controller from where the its being executed. This is extremely handy to avoid to go to talk to a Domain Controller on a slower network.
It then gets a list of all GPOs in the domain and sort them by their DisplayName. This is important as the script will then go through them all alphabetically and you’ll can see them as they’re displayed in the GUI without going crazy.
For each GPO found, the script will get a report for it and will finally try to match the string you’re looking for. If it’s found, it’ll write down, in green, that the GPO has been found and will return more info such as the GPO ID and its Status.